freebsd-security Digest, Vol 61, Issue 3

Michael Vlasov mv at rbr.ru
Mon Jun 7 05:50:15 GMT 2004 

On Sat, 29 May 2004 12:00:52 -0700 (PDT),  
<freebsd-security-request at freebsd.org> wrote:

Hello !

Today i see in snort logs :

[**] [1:528:4] BAD-TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/07-09:44:39.044590 127.0.0.1:80 -> 10.6.148.173:1566
TCP TTL:128 TOS:0x0 ID:577 IpLen:20 DgmLen:40
***A*R** Seq: 0x0  Ack: 0x75830001  Win: 0x0  TcpLen: 20
[Xref => http://rr.sans.org/firewall/egress.php]

[**] [1:528:4] BAD-TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/07-09:44:39.075824 127.0.0.1:80 -> 10.6.249.83:1299
TCP TTL:128 TOS:0x0 ID:578 IpLen:20 DgmLen:40
***A*R** Seq: 0x0  Ack: 0x568A0001  Win: 0x0  TcpLen: 20
[Xref => http://rr.sans.org/firewall/egress.php]

[**] [1:528:4] BAD-TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/07-09:44:39.107072 127.0.0.1:80 -> 10.6.96.121:1032
TCP TTL:128 TOS:0x0 ID:579 IpLen:20 DgmLen:40
***A*R** Seq: 0x0  Ack: 0x37920001  Win: 0x0  TcpLen: 20
[Xref => http://rr.sans.org/firewall/egress.php]

Why ? ;-)

> Send freebsd-security mailing list submissions to
> 	freebsd-security at freebsd.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.freebsd.org/mailman/listinfo/freebsd-security
> or, via email, send a message with subject or body 'help' to
> 	freebsd-security-request at freebsd.org
>
> You can reach the person managing the list at
> 	freebsd-security-owner at freebsd.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of freebsd-security digest..."
>
>
> Today's Topics:
>
>    1. X & securelevel=3 (bofn)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 29 May 2004 05:43:23 +0200
> From: "bofn" <bofn at irq.org>
> Subject: X & securelevel=3
> To: freebsd-security at freebsd.org
> Message-ID: <web-3714609 at sqnork.irq.org>
> Content-Type: text/plain; charset="ISO-8859-1"
>
>
> running (4-Stable)
>
> Hi,
>
> short form question:
>  how does one run XDM under securelevel>0 ?
>
> long version:
> i've searched for an answer on how to run Xfree/Xorg at a securelevel
> the X server likes access to /dev/io and some other resources but is not
> granted access after security is switched on.
> one way of doing it seems to be to start it before setting the  
> securelevel, but
> then is doesnt allow a restart of X.
> the other option seems to be the Aperture patch, ported in 2001 with no  
> recent
> updates and no longer usable against the current software.
>
> 2nd part of the question..
> cd writing needs direct access to /dev/<acd0c> and that is also not  
> allowed in
> secure more.
> how can one give selective access to only allow (RW) access to one or two
> devices ?
>
> if there is no way of doing these things with configs and such, can  
> anyone
> point me at the relevant source code that controls these functions so i  
> can add
> this specific functionality.
>
>
> Cheers
> * Anna
>
>
> ------------------------------
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to  
> "freebsd-security-unsubscribe at freebsd.org"
>
> End of freebsd-security Digest, Vol 61, Issue 3
> ***********************************************

More information about the freebsd-security mailing list